cvebase

Halo Service Solutions Haloitsm vulnerabilities

4 known vulnerabilities affecting halo_service_solutions/haloitsm.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2024-6202 | P2 | CRITICAL | CVSS 9.8 | fixed in 2.146.1 | 2024-08-06
CVE-2024-6202 [CRITICAL] CWE-863: HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability.
Source: nvd
CVE-2024-6203 | P3 | HIGH | CVSS 8.1 | fixed in 2.146.1 | 2024-08-06
CVE-2024-6203 [HIGH] CWE-640: HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the m
Source: nvd
CVE-2024-6201 | P4 | MEDIUM | CVSS 5.3 | fixed in 2.146.1 | 2024-08-06
CVE-2024-6201 [MEDIUM]: HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability.
Source: nvd
CVE-2024-6200 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.146.1 | 2024-08-06
CVE-2024-6200 [MEDIUM] CWE-79: HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary actions on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability.
Source: nvd